Last updated: March 2026
We collect information you provide directly: account details (name, email, organisation name), training data (student names, course details), and certificate content. We also collect usage data (IP addresses, browser type) for security and analytics.
We use your data to: provide and improve the Service, process subscriptions, send notifications, ensure security, and comply with legal obligations.
Data is stored on secure servers hosted in the UK/EU. We use encryption (TLS in transit, Fernet at rest for sensitive fields), access controls, and regular security audits to protect your information.
We do not sell your data. We share data only with: payment processor (Stripe) for billing, and as required by law.
You have the right to: access your data, rectify inaccuracies, request deletion, restrict processing, data portability, and object to processing. Contact us to exercise these rights.
We retain your data for as long as your account is active. Upon account deletion, we remove personal data within 30 days, except where retention is required by law.
We use essential cookies for session management and security. We do not use advertising or third-party tracking cookies.
We may update this policy from time to time. We will notify you of material changes via email or in-app notification.
For privacy enquiries, contact our Data Protection Officer at privacy@caresuite247.com.